With a CA on each freedombox there need not be a requirement for a server. If my understanding of Tor is right, it is designed for anonymity, not encryption, should not need a CA for this.
On Thu, 2013-09-12 at 07:18 -0700, [email protected] wrote: > Would a CA require a fast server, a lot of available bandwidth etc? Does > Tor use a CA? > > -----Original Message----- > From: Freedombox-discuss > [mailto:freedombox-discuss-bounces+cgw993=aol....@lists.alioth.debian.org] > On Behalf Of Keith > Sent: Thursday, September 12, 2013 3:43 AM > To: Jonas Smedegaard > Cc: [email protected] > Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers > like FreedomBox > > Anyone for setting up a Freedombox CA? > This could be added to the freedombox as a trusted CA and usable for > freedombox to freedombox TLS only. > > > On Thu, 2013-09-12 at 11:10 +0200, Jonas Smedegaard wrote: > > Which TLS certificate authorities (CA) should we trust? > > > > Which cipher suites should we tolerate? > > > > Ideally the answers are "none" and "only strong ones". But what is > > more relevant to discuss is *realistic* answers (we can then tighten > > in later > > revisions): > > > > Which CAs and cipher suites are sensible to use - for now? > > > > > > I imagine there is no "one size fits all". That e.g. serving blog > > pages should be more pragmatic about [legacy systems] than Plinth > > admin pages or other [specific applications]. > > > > Would be nice if those knowledgeable about crypto could propose a > > shortlist of purposes, and corresponding CAs and cipher suites. > > > > We could use such shortlists to verify Plinth code, Apache setup, > > ca-certificates package configuration etc. > > > > Anyone knowledgeable about crypto that can help out? > > > > > > - Jonas > > > > > > [speficic applications]: The Guardian Project currently discuss choice > > of cipher suites for OTR in their (smartphone) applications: > > https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/00250 > > 4.html > > > > [legacy systems]: CAcert.org discusses BEAST vs. RCA4 impacting MacOS X: > > https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html > > > > _______________________________________________ > > Freedombox-discuss mailing list > > [email protected] > > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-dis > > cuss > > > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss > > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
